Posted
by
timothyon Saturday August 11, 2012 @02:36PM
from the crazy-hippie-pirate-moocher dept.

An anonymous reader writes "Hugo Campos got an implanted cardiac defibrillator shortly after collapsing on a BART train platform. He wants access to the data wirelessly collected by the computer implanted in his body, but the manufacturer says No. It seems weird that a patient can't get access to data about his own heart. Hugo and several medical device engineers are responding to live Q/A on Sunday night on such topics via ACM MedCOMM webcast at ACM SIGCOMM."

It seems weird that a patient can't get access to data about his own heart.

No more weird than your stem cells and DNA being patented. In fact, according to intellectual property law, you don't own your body, or any of the parts implanted in it... it's all covered by a patchwork of patents on genetic materials and derived medical uses. You should be careful with yourself... it's a felony to damage government property... Or was that corporations? I confuse the two so much these days... (-_-)

Wasn't it ruled that natural genetic sequences can't be patented, only the specific modifications biotech companies implement? And where ever did you get that stem cells are patentable, they're not even an idea to be patented. There was that case about the HeLa-line, but in that case, it was ruled that since the cells were considered medical waste, it was the hospital's responsibility to see to their disposal as they see fit, granting ownership over the cells, and their descendants (since they are identical

Does this mean if I want an abortion, I need permission from whoever owns the genetic material of my womb? I guess that would be the fertility pill corporation.

No, that would mean your son/daughter; and as soon as they are old enough to legally grant you permission to do so, you can get that abortion.

No, that would be an aggressive uterine tumour which should be excised as early as possible in order to prevent many years of mental, emotional and financial trauma. Such tumours are the primary cause of many chronic social ills, including SUV's, sitcoms and stick-figure-family rear window stickers.

You cannot patent someone's stem cells or genes. That's a pop journalism myth. You CAN patent treatments, given to other people, based on those stem cells or genes. It's okay though, if you have kids you won't be guilty of patent or copyright infringement.

While security through obscurity isn't a good approach I figure with something such as a that you'd want to take every step you can to make sure as little information gets out about it as possible.

Next year on defcon - learn how to hotwire your neighbour! Literally! From your android device! (or iphone, but you have to be jailbroken and pay 99c for the app. But it comes with a jump-o-meter to measure how high he jumps.)

While security through obscurity isn't a good approach I figure with something such as a that you'd want to take every step you can to make sure as little information gets out about it as possible.

Next year on defcon - learn how to hotwire your neighbour! Literally! From your android device! (or iphone, but you have to be jailbroken and pay 99c for the app. But it comes with a jump-o-meter to measure how high he jumps.)

Access to data doesn't have to mean code review or access to command and control functions.

I have access to the event logs on my MS Windows O/S, doesn't mean I have the Windows code base.

/posting A/C because I work for one of the ICD manufacturers mentioned in the blog

I'm aware of that, but as any hacker knows the more you know about something the more chances are of spotting something you can use to get into it. It might not be much of a risk, say one chance in a trillion that it lead to an exploit... but this is a defibrillator built in to some guys chest we're talking about here. You heard about the hackers that raped some guys icloud account just for the lulz on their way to take over his twitter? Yeah that. I don't want those kinds of people to have a one in a trill

Any entity that collects medical data on you MUST provide a way to get you copies of that information. If he really wants the data that badly, I'd contact a lawyer and pursue it from the HIPAA angle. Chances are very good there's probably not a hell of a lot of information in it. If he's really worried about it, he should contact his cardiologist and have them order an interrogation the pacer. Pretty simple stuff really and that way its covered under insurance..(probably unless there's no medical reason to do so). They probably aren't going to come out and interrogate it in the home, because they fiddle with the settings to make sure its working right and for that reason it needs to be done only in a setting where he's on telemetry and has medical staff standing by.

True, but there's no definition of "data" in HIPAA. Suppose you get a cholesterol test, all you see is the final number, not the inner workings of the instrument that made the measurement. If they're recording the measurements and making them part of a medical record I agree that should be shared, but this is less clear.

The summary isn't clear (and the link is just to a blog that seems to have moved on...) about whether he's requesting copies of his medical data, vs. technical information that would allow him to interoperate with the device such as extracting data from it himself. I would imagine they are treated differently under the law.

Ironically, the last time I went for a blood test the lab told me that HIPAA prevented them from sending me a copy of my test results, and that I would have to get a approval from my doctor for them to do so. The doctor's office gave me a copy, but the whole thing still confuses me. I mean, I'm attached to the arm they're drawing the blood from, so there's no doubt I'm the person the test results pertain to. I should be able to decide where the test results go, right?

If the information is common to everyone with the same implant is it, by definition, not personally identifiable or private health information. Disclosing the existence of patient Q to patient R, or visa versa, would be a violation. But merely telling either of both of them independently that they have their implant set to "Mode B" is not, just as telling patient Q that he has a heart rate of 79 is not a violation if patient R happens to also have a heart rate of 79.

Also, even if there is some private data that needs to be hidden, it's entirely possible to design a crypto system that's secure against known-plaintext attacks. Almost are modern crypto systems are; you'd have to do something dumb to not get that feature from any common crypto library.

* the individual’s past, present or future physical or mental health or condition,* the provision of health care to the individual, or* the past, present, or future payment for the provision of health care to the individual,

and that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual."

There are legitimate medical reasons why some patients shouldn't have access to all raw medical data.

This is particularly true in psychiatric medicine, where past therapists are required to pass on notes to future therapists, but patients don't necessarily have the right to read the notes themselves.

Now, if the company is refusing to share the raw data with the patient's doctor, that's just plain wrong and it should be illegal. Likewise, if they are refusing to share it with the patient's attorney, then the attorney should have an absolute right to subpoena it.

Likewise, if the doctor doesn't have a bona fide medical reason for refusing to pass that data on to the patient, that should be called medical malpractice.

There are legitimate medical reasons why some patients shouldn't have access to all raw medical data.

This is particularly true in psychiatric medicine, where past therapists are required to pass on notes to future therapists, but patients don't necessarily have the right to read the notes themselves.

Now, if the company is refusing to share the raw data with the patient's doctor, that's just plain wrong and it should be illegal. Likewise, if they are refusing to share it with the patient's attorney, then the attorney should have an absolute right to subpoena it.

Likewise, if the doctor doesn't have a bona fide medical reason for refusing to pass that data on to the patient, that should be called medical malpractice.

He is not a psych patient so all his healthcare info legally belongs to the him...

There are legitimate medical reasons why some patients shouldn't have access to all raw medical data.

You never know, he could get stuck in a feedback loop. He sees that his heart is beating a little fast because he's anxious about what his heart rate is. This causes more anxiety which causes his heart to beat faster. Seeing that it is out of control sends him into a panic and pushes the rate even higher, etc. Eventually he has a heart attack and sues the company.

I usually avoid hospitals and the medical profession in general unless it is needed, ie, broken bones or donating a kidney (Which I did recently.)
A couple years ago while camping my some broke a bone. I put it in a splint then took him to the hospital to get a get it set and placed in a cast. This was on a Saturday in a very "out-in-the-boonies" location. Before the staff would even look at my son, I had to sign a patient's "Bill of Rights." indicating that I had read the items on their list... There were around a dozen items and I don't remember what they were except for the first one. "The Patient has a Right to all medical records assembled during the visit." Maybe this is enforced in other hospitals. I don;t know.

Anyway, My son was X-Rayed and dealt with and released.

On the way out, I asked the secretary, who made me sign the "Patient's Bill of Rights," for a copy of my sons X-Rays and a print out of the Vitals they recorded. I was told "No, Those are not for you." I put on my "Contrary-Old-Bastard Hat" and stated that I have a "right" to those and read back the 1st item on theh "Patient's Bill of Rights." I explained that the X-Ray and vitals were records of the visit and that the hospital, before my son was allowed any medical attention, made me sign a form to acknowledge that I have a right to those records. I was told that I had to go through the Records department and Billing in order to get the records. These offices would not be open until the following Tuesday (due to a Holiday.) Not wanting to get mad at the secretary for doing her job, I asked to talk to her boss or whoever was in charge of the hospital that day. She informed to me with all of her arrogance that since it was the weekend, she was in charge. So I ranted to her for a while and then read the entire "Patient's Bill of Rights" to her. I strongly emphasized that nowhere in this document, which we both signed, did is mention that I should go through Billing and records. After ranting a bit more she let me know that my son's doctor can request the records and the records will be sent without charge. I explained more how I am his parent/Guardian and in charge of his primary care and that I want the records to that I can hand deliver the records when I can return and set an appointment for cast removal. Again I read the entire "Patient's Bill of Rights" to her and then explained that nowhere on it did it say that my doctor was to get the records. I asked her bluntly to obtain a copy of the records. She actually stomped her foot and said, "No."

"OK," I said, "since I have been forced to acknowledge that I have a right to my son's records, I am going to sit right here in the middle of this hallway until I get them." And I did; I sat down in the middle of the hallway. (My son was looking at me in a state of shock -- He was at that Jr. High age when anything a parent does is considered embarrassing.)

The secretary stared at me for about 30 seconds. then left. A minute after that she came out with a doctor and he asked what was up. I mentioned that I was waiting for a copy of my son's medical records. He nodded, went behind the counter and gave me the X-Rays and vitals papers. I said "Thank you" and left.

This anecdote is not so that I can say I am an old cantankerous fart, it it to illustrate that even though people have rights to information, the ones that hold the information feel compelled not to give it up. THis is true with software, medical data, music... I don;t know where this attitude comes from.

This anecdote is not so that I can say I am an old cantankerous fart, it it to illustrate that even though people have rights to information, the ones that hold the information feel compelled not to give it up. THis is true with software, medical data, music... I don;t know where this attitude comes from.

Emboldening mine. I know where the attitude originates, and so doe Sid Meier...

"Beware of he who would deny you access to information, for in his heart he dreams himself your master."
- Commissioner Pravin Lal, Alpha Centauri

Obviously I don't know what he actually said here, there are polite ways to ask for things and impolite ways, but I've been on the receiving end of this "We won't give you your own information" bullshit before. In my case, the lady behind the counter claimed that there was some law preventing her from giving the information to me. I didn't have a piece of paper stating exactly the opposite, so I ultimately just had to leave without getting the test that I had come for.

It doesn't sound to me like he was being a dick. Maybe a lawsuit would have been more appropriate than sitting in the hallway, but this is a significant problem and I'm glad he stuck to his guns.

+1. There is a fine line between being polite and being a coward and the difference in people's opinions on this matter generally stems from how much they value contracts in general. If you are the kind of person who simply never reads what they sign and just accepts any perceived future unfairness (most people) then you're a lazy coward in my book who only has rights because of the "dicks" of this world. If you don't read what you sign but later resolve to fight perceived unfairness (by refusing to pay

a little speech about how civilized people act in a civilized society.

Odd, I was thinking about the same thing. Except that it's the receptionist who needs that speech, not the poster. The poster wanted nothing more than that the reception spend literally a couple of minutes getting what he had a clearly documented right to have. Three cheers for the poster! If more people would refuse to put up with bureaucratic bullshit, the world would be a much better place. I hope his son grows up to be just like him.

Call again later when someone more senior is available. Contact the patient's advocate at the hospital to lodge your complaint for the bureaucratic hoops you were forced to jump through. Move on with your life.

These are white people problems--get over it. The guys isn't Rosa Parks.

Are you honestly suggesting that this has something to do with his race? I think you meant to say "rich people problems" but you fucked it up.

Your solution is that he should jump through more bureaucratic hoops of the hospital's complaint process in order to complain about the bureaucratic hoops that he was already forced to jump through. That is not moving on your your life. He seems to have handled this in the most expedient way possible.

you can't even see the raw data from the water temperature gauge, so of course we are all too dumb to see complex health data. The temp data is manipulated so the gauge needle stays in the middle nearly all the time. Exceptions are when the engine is very cold or when it overheats. Normal fluctuations are not shown because they cause unnecessary service calls. There was a recall on Jag sedans to put a resistor in series with the temp sender to damp out needle fluctuations. My MINI does the same thing

I thought you said you didn't have access to this info? What this guy wants is exactly like an ODBII port for his heart. Most people don't care if their gauge fluctuates some. That's normal. If you care, do like I do and leave a Bluetooth reader hooked up and get the android app torque that let's you pull that up whenever.

"Hugo Campos got an implanted cardiac defibrillator shortly after collapsing on a BART train platform. He wants access to the data wirelessly collected by the computer implanted in his body, but the manufacturer says No.

If he wants information about his heart, why isn't he talking to his cardiologist?

Someone who knows his medical history? Someone who can interpret the data correctly?

Does the manufacturer have the data he wants?

What Is Follow-Up Like with ICDs?

After your ICD is implanted, the doctor will want to see you four to six weeks after surgery to make sure the surgical site is fully healed and to answer any additional questions that may have occurred to you in the interim. Afterward, the doctor will usually want to see you in the office two to four times per year. During all these visits, your ICD will be wirelessly "interrogated" using the programmer. This interrogation gives the doctor vital information on how the ICD is functioning, the status of its battery, the status of the leads and whether and how often the ICD has needed to deliver therapy - both pacing therapy and shocking therapy.

Some modern ICDs have the capacity to wirelessly send this kind of information to the doctor from your home, through the Internet. This "remote interrogation" feature allows the doctor to evaluate your ICD whenever needed, without requiring you to come to the office. Even if your ICD has this remote feature, however, the doctor will want to see you in the office at least once a year.

Disclosure: I am a doctor, and I work with patients with pacemakers on a frequent basis.

If he wants a raw printout of the data generated, he should make an appointment, stop by his cardiologist's office, and ask the cardiologist. I've been asked a few times by curious patients to see the readouts. I always show it to them, give them the clinical interpretation of the data, and let them keep it if they want. Most don't; it's several hundred small pages of gibberish to an untrained eye, linked together like the old dot matrix printer pages.

If he feels uncomfortable with having a machine in his body that he can't check out himself every second of every day, he can ask to have it turned off ("turned off" being simplistic) or for a surgeon to remove it. [Insert belief system here] didn't give him the pacemaker growing in him when he was born - he can choose to use it as designed or choose not to use it, which is a valid choice. There are real potential harms to widely propogating machines that could decrypt the data; the exact same machines allow us to reprogram the device, including settings that could harm or kill the patient. The encryption IS the security on implantable, reprogrammable medical devices; password, 2 step authorization or the like is not possible due to the existence of medical emergencies in which prompt access by medical personnel not normally involved in his care to the input and output of the device can mean the difference between life and death.

While people can do things to your natural heart that can make cease to function, they know better than to just casually meddle in such things (unless they're major criminals, or too stupid to live.) And it takes more than a slip of a finger or an accidentally typed zero to do it. As a practical matter, this is not going to be true of implants.

How often have you seen a device that transmits *something* wireless being properly secured when the companies goes "No, we can't give you access to that...because...it is too complex for you to understand!" or "Why should we give you that data?"?

If it's encrypted, then this would give them access to both the cyphertext and cleartext of the data, which is the essentials of what you need to reverse engineer the cryptography.

Now ideally, the control and reporting cryptography would use different keys, but there is only so much code you can fit into a small embeddable medical devices, and it's likely they are the same code, if not the same key pair.

In this case, it's reasonable to not give samples of both sets of data out to prevent reverse engineering of the control channel which could then be used on someone else's implanted medical device.

I suspect their refusal to allow access might be along the lines of hiding from potential liability if the product reacts or behaves improperly at any time. Imagine a grieving widow who discovers a pattern in the data where the device takes 3 minutes too long to respond properly every 500 or 1000 times it stimulates the heart or the input says it should.

You would think that you would have a right to any data produced by your body or devices used in keeping it alive and it would be available to at least you or your doctor. Perhaps they are worried the control signals would be discovered and after a trip to an electronics store, the widow could be celebrating getting rid of her husband instead of grieving? I see no other reason for keeping it hidden other then to avoid liability or stop potential abuse.

Concerning the (absence of) malfunctions, wasn't that the goddamn job of the FDA in the first place?

As for the remote tinkering, what does the output have to do with the input? Suppose some sort of requests are required to yank the data out. What possibly could be the problem in making the readout plain and setup secure?

First, the FDA isn't some magic group that never gets anything wrong. They have approved devices, drugs and treatments that later was found to have significant life threatening problem. They are supposed to test and weed those problems out or even approve of the dangers as acceptable and manageable considering the goals of the device, drug or treatment. The FDA simply is not a magical group of people who never allow something potentially harmful outside of it's labs. It's design was traditionally to validate claims and ascertain harmful effects so we didn't have electrified dildos out there still treating female hysteria and hair loss or leaching to treat pneumonia.

Second, knowing the output can isolate the input not used to initiate the output. It can also be used to determine or differentiate the control signals verses the information. Also, if you are used to cracking wifi encryption, assuming these things use some sort of encryption, knowing what most of the signal will say- even just portions of it- goes a long way at finding the key to cracking the encryption and the signal altogether.

As for access to the output, I don't have a problem with it. I actually think it should be a right of the patient. I know the doctor gets access to the readout and makes changes to the devices based on it. Perhaps they don't want the patent influencing those changes by discussing them with the doctor? There are a load of reasons ranging from the paranoid to the idiotic and from the quality of operation to hiding the workings from competitors.

The less data/information they give to personal injury lawyers the safer they are. Even if there's nothing wrong with the device a jury could be convinced that something was wrong with pretty graphs that show...something.

Do you really though? If you ask your hospital for a copy of your record, do they give it to you or do they redact it first?

I work for a hospital, and I can answer that: they redact the shit out of it. And they're so fired up about making sure they can redact the information that I would be fired if I ever opened my own medical record. The best part is that they claim in the pretty pamphlet they give new hires that medical records are copyrighted property of the hospital board.

Do you really though? If you ask your hospital for a copy of your record, do they give it to you or do they redact it first?

In the US, they redact it to protect your PHI, if they are sending records to third parties for certain purposes

You have a right under the law to your complete medical records.

Redaction, in case where you order all your medical records to be released to yourself,
would be a violation of your patient privacy rights, and you could file a regulatory complaint against the hospital in

Not to sound against it, buta) Would he understand what the data meant?b) Maybe the software and what not is proprietary?

Just some thoughts that come to mind

a) He certainly isn't going to have a better chance of understanding the data if he isn't allowed to see them... Would I be polishing my 'I told you so' reflexes if he decides to do a bit of amateur reprogramming? Sure. Does denying somebody access to even view data because they might not understand it make sense? About as much sense as keeping books away from children because they aren't yet literate...

b) Given that the manufacturer won't disclose it, it apparently is proprietary. That's sort of the entire issue. We have now(and, barring exciting economic apocalypse of some flavor) and will have in greater numbers and in more significant capacities, a population for which 'binary blobs' are inside their bodies, not their laptops. Some of them don't like this.

The same justification could be given to forbid patients from seeing their blood tests, or even reading any medical literature. That is bullshit. Medics are not all knowing and patients are not retarded children. Patients have the right to decide for themselves what they want done with their own bodies and to fully exert this right the more information they have the better.

They have to give them to you here in my country (Brazil), here your doctor can only see your tests through you. He asks for the exams, you go to the lab, they collect your samples, and when the results are ready you go there and get them (or get them through the internet) and bring them to the doctor, if you so wish. If you prefer you can just get the results and bring them to another doctor and never go back to the former one, who requested the tests, or you can bring them to both.

I don't know specifics about how the procedures are in US, but I do know that under HIPAA they must give you any results you request They can't legally refuse to do so.

I don't know specifics about how the procedures are in US, but I do know that under HIPAA they must give you any results you request They can't legally refuse to do so.

Actually, the way it typically works in the US is: The company can make the judgement that you don't have the funds (or the time;-) for a successful court challenge, which will take a decade for all the appeals and more money than you'd believe. In the meantime, they can continue to refuse to give you their medical info, without any further legal repercussions than your lawsuit, which they will delay with every legal trick available. If you actually do have the funds (and live long enough), yes, you can get them to obey the law -- and give you their data from a decade earlier. Meanwhile, they've upgraded your implants, and the court didn't order them to give you the data from your current model(s), so they don't.

My wife and I had our annual physicals recently, and got our blood test results in the mail without even asking for them. (Of course, it kind of proves the other post's point since my wife freaked out about hers even though all her numbers were [barely] normal.)

There are several very good reasons why he shouldn't have a raw feed from the device manufacturer./quote?
Yes, the same reason that some people shouldn't be allowed to vote, or should be owned instead of being responsible for their own well being....

"should be owned instead of being responsible for their own well being"

If someone is going to be responsible for his well being, he should be given the best possible information, not the raw, context free dump some engineering company e-mails him.

If you ever find a doctor who's willing to treat a close relative (or himself) for something serious, find another doctor. Most won't do it, and none of the good ones will. EVERYBODY's judgement is clouded when they're considering things seriously affecting their

The tech who gives you an x-ray, CT or MRI scan won't give you the images either. You can request them from your doctor, and he will (or may have to) give them to you, but he'll probably want to sit down and go through them with you first.

Hey, that's false! My wife got an MRI recently, and I asked the technician to give us a copy of the data. There was no objection or hesitation, the technician simply burned a CD and handed it to us on our way out. I learned that their images are stored in a proprietary format, but conveniently the CD came with the software necessary to view the images.

Technically correct. It *is* a copyrighted standard, with the copyright being held by the National Electrical Manufacturers Association. When defining proprietary software as "computer software licensed under exclusive legal right of the copyright holder", this standard would fall into that category.

The tech who gives you an x-ray, CT or MRI scan won't give you the images either.

Nor really true anymore, but not for the reason you'd expect.So many hospitals send you to private locations for imaging these days that you often ARE given your MRI and CT scan results simply because you're expected to cart them to your Dr. yourself. Saves them a buck.

Also, many hospitals no longer put casts on broken limbs, they simply diagnose & xray and send you with the xrays to an orthopedist.

I scanned the xrays of my broken ankle and put them on Flickr.

When I got a CT scan of my head, I used images of my brain as my Facebook profile photo.

When I got an MRI they handed me the data disc to take to the Dr. I made a copy, figured out the strange image format and will post those to flickr some day when I'm bored.

Meanwhile when I got to the Dr. with the original disc, I ended up having to show HIM how to use the included app and view the images.

That is an important point on this subject. Implants are only going to become more common in the future. That implant and it's software are a part of him now. What percent of a person can be outright owned by another person before we call them a slave? 1%, 10%, does it have to be 100%?

You don't get to peek inside your machine to see for yourself it's a good one, just like the airline will not let you take a wrech to the jet engine or even kick the plane's tires.

I have one of these devices [bostonscientific.com] since last year after my (4th) heart attack. I am also a physician, so I would understand the data. But honestly I don't see the need. When I go get checked up, the Boston Scientific staff are more than happy to explain anything I ask - and I do ask some detailed questions. I am quite sure that the device and its software are proprietary and also trade secrets of the company.

But there's another reason: Honestly one shouldn't go around tinkering or "hacking" an implanted device. They come with limited battery life - most of which is covered by warranty (if my battery runs out before 10 years I get the device replaced and the procedure paid for by the company, anywhere in the world). Radio signals require energy, asking the device to read its cache requires energy, and the manufacturer would be put in a position where it might have to cover a warranty on a battery that didn't fail because of design, but because of tinkering. They can hardly say "no" and let the patient die. That, and of course what if the "hacker" manages to mistakenly change the machine's settings so it's firing inappropriately, draining the battery within days, or better yet firing and triggering a lethal arrhythmia. The company would be blamed (at least initially) for a "faulty" device. It's bad business, and I understand it.

I really don't feel like playing with my implant. I really don't feel like paying for someone else who wants to play with their implants, in the form of increased costs because the company has to set more aside for liability. I selected my device after both research into the company, the model, and this type of device as a whole. And my cardiologist's opinion. And a 2nd opinion. You can look at the statistics for the device, compiled in a scientific manner, and compare it to other devices, and that's it.

Well, the problem with your airplane analogy is that this airplane doesn't collect very intimate details about me while I sit in it. I guess the main trouble isn't that he doesn't trust the device to keep him alive, what he might be worried about (and what I'd surely worry about) is just what data this thingie is going to collect.

Neither does kicking automobile tires, but people seem to insist on doing it. I'm also sure a pressure gauge in the hands of joe 6-pack would do far more harm than good around airplane tires. What do you mean 230 PSI? No no there's too much pressure in those things!

I personally wouldn't see a problem with it. After all it's only data. I can't speak for the implant maker though. Maybe they'll burn a CD for you one day, like they do with almost everything else. Ultrasound? Here, take this CD home. Angioplasty? Here, have a CD... Heck it could even be a selling point.

If you produce data from my body, I think it's only fair that I get access to it. I want to know what data a company collects about me, especially if it's as personal as data from one of my vital organs.

If I don't understand the data, I can go to a doctor and have him translate it. If the software is proprietary, I'll go to you and have you extract the data, then you may give me the data. I trust that you didn't copyright numbers and letters?

These things tend not to be quite so frivolous when you look into them.

Straight Dope Boards [straightdope.com] suggests that there was a design issue that the gas can manufacturer knew about, that would result in an explosion. A slight redesign would have meant that the 4 year old would have survived.

i had a blitz brand gas can, it was a leaky piece of shit and the spout fell apart on me when i was pouring. i don't know the details of the lawsuit but i am not surprised they got sued out of business using such low quality construction for something as hazardous as holding gasoline.

Come on even Bacardi 151 has a flame arrestor on the bottle. Get with the times other companies can make a better gas can so you better do so as well or you will lose your company. It is called the American Dream or Capitalism.